[Snort-devel] Libpcap

Rob rvmcmil at ...891...
Tue Oct 23 17:11:01 EDT 2001


I am having some problems capturing large packets.  For example, I am
executing the following command on a Linux box

        ping localhost -c 1 -s 30000

and snort gets the fragments OK, but if I do the following

        ping localhost -c 1 -s 50000

I only get one.

If I do this

        ping localhost -c 1 -s 60000

I get nothing.  I am pretty sure it's a problem with libpcap > .6 because
tcpdump is behaving the same way.  I happen to have an old binary of snort
1.7, which I must have compiled with another version of libpcap that
behaves as it should (gets all the fragments).  Is there a way to tell what
version a snort binary was linked to?  Like tcpdump -V ?

Is anyone else having such problems?


Rob
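
Added example, not part of the original post: a sketch that computes the IPv4 fragments a `ping -s N` echo request should produce, so a capture from snort or tcpdump can be checked for gaps. The MTU value and the names `plan_fragments` and `missing_offsets` are assumptions made for illustration; pass the real MTU of the interface under test.

```python
from dataclasses import dataclass

IP_HEADER = 20        # IPv4 header without options (assumed)
ICMP_HEADER = 8       # ICMP echo header
MAX_IP_TOTAL = 65535  # limit of the 16-bit IPv4 total-length field

@dataclass
class Fragment:
    offset_units: int     # value of the fragment-offset field (8-byte units)
    payload_len: int      # IP payload bytes carried by this fragment
    more_fragments: bool  # MF flag

def plan_fragments(ping_size, mtu=1500):
    """Expected fragments for an ICMP echo with ping_size data bytes."""
    ip_payload = ping_size + ICMP_HEADER
    if ip_payload + IP_HEADER > MAX_IP_TOTAL:
        raise ValueError("datagram exceeds the IPv4 maximum of 65535 bytes")
    if mtu < IP_HEADER + 8:
        raise ValueError("MTU too small to carry any fragment payload")
    # Every fragment except the last must carry a multiple of 8 bytes.
    per_frag = (mtu - IP_HEADER) // 8 * 8
    frags, sent = [], 0
    while sent < ip_payload:
        chunk = min(per_frag, ip_payload - sent)
        frags.append(Fragment(sent // 8, chunk, sent + chunk < ip_payload))
        sent += chunk
    return frags

def missing_offsets(expected, seen_offsets):
    """Offsets (8-byte units) that were expected but absent from a capture."""
    seen = set(seen_offsets)
    return [f.offset_units for f in expected if f.offset_units not in seen]

if __name__ == "__main__":
    # The three sizes from the post, with an assumed MTU of 1500.
    for size in (30000, 50000, 60000):
        frags = plan_fragments(size, mtu=1500)
        print(size, "->", len(frags), "fragments, last carries",
              frags[-1].payload_len, "bytes")
    # Constructed capture: only the first fragment of the 50000-byte ping seen.
    lost = missing_offsets(plan_fragments(50000), [0])
    print("missing", len(lost), "fragments, first at offset", lost[0])
```
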

